Building PUF Based Authentication and Key Exchange Protocol for IoT without Explicit CRPs in Verifier Database
Abstract: Physically Unclonable Functions (PUFs) promise to be a critical hardware primitive for providing unique identities to billions of connected devices in the Internet of Things (IoT). In traditional authentication protocols, a user presents a set of credentials with an accompanying proof such as a password or digital certificate. However, IoT needs more evolved methods, as these classical techniques suffer from the pressing problems of password dependency and the inability to bind access requests to the "things" from which they originate. Additionally, the protocols need to be lightweight and heterogeneous. Although PUFs seem promising for developing such a mechanism, they put forward an open problem: how to develop it without needing to store the secret challenge-response pair (CRP) explicitly at the verifier end. In this paper, we develop an authentication and key exchange protocol by combining the ideas of Identity based Encryption (IBE), PUFs and Key-ed Hash Function to show that this combination can help to do away with this requirement. The security of the protocol is proved formally under the Session Key Security and the Universal Composability Framework. A prototype of the protocol has been implemented to realize a secured video surveillance camera using a combination of an Intel Edison board with a Digilent Nexys-4 FPGA board consisting of an Artix-7 FPGA, together serving as the IoT node. We show that, although the stand-alone video camera can be subjected to a man-in-the-middle attack via IP spoofing using standard network penetration tools, the camera augmented with the proposed protocol resists such attacks, and that it fits well in an IoT infrastructure, making the protocol deployable for the industry.

Existing system: A specific challenge and its corresponding response together form a Challenge-Response Pair (CRP) for a given PUF instance. PUF based authentication protocols rely on this "challenge-response authentication" mechanism, rather than on a single secret cryptographic key. The response generated on-the-fly by the challenge applied to a PUF instance can be used to generate a session key for secure message encryption; this offloads the complexity of managing and storing the keys for the IoT device.

Proposed system: We propose an authentication and key exchange protocol combining the concepts of PUF, IBE and Key-ed Hash Function. The protocol solves an open problem in the domain of PUF based protocols, relieving the verifier of the overhead of storing the CRP database of the PUF and of the dependency on imposing a security mechanism to keep it secret. In traditional PUF based protocols, if a verifier needs to authenticate k IoT nodes, let us assume that it stores l number of m-bit challenges and its corresponding n-bit responses.

Advantages: We implement a prototype of the protocol to securely authenticate a video surveillance camera, commercially purchased and devoid of any inbuilt security feature. The prototype was implemented following a hardware/software co-design, by connecting the camera to an Intel Edison board, providing the IP and hosting the protocol operation, while the hardware circuit of the PUF is implemented and the unique ID is generated from an Artix-7 FPGA.
But PUF responses are corrupted by noise and other environmental factors when deployed in an embedded system. Hence a helper data algorithm or fuzzy extractor is used to generate cryptographic keys with appropriate entropy from noisy and non-uniform random PUF responses.

Disadvantages: One of the major security challenges in the IoT framework is the authentication and key management of potentially billions of devices deployed in the network. We try to address this problem and provide a lightweight and secure solution using PUFs and IBE. A PUF circuit realization can be thought of as an unconventional, lightweight hardware security primitive proposed in various security applications such as IC anti-counterfeiting, device identification and authentication, binding hardware to software platforms, secure storage of cryptographic secrets, keyless secure communication etc.

Modules:

Session Key Security Model: Here all parties involved in the protocol are assumed to be trusted. The attacker either (i) eavesdrops on the communication link without any change or addition to the messages (e.g. packet sniffing attack) or (ii) has full control over the links and can modify the messages (e.g. packet injection or re-routing attack). In Section 5.1.3, it has been shown that the protocol is secure against both of these attack variants.

Public Key Based Protocols

Authentication and key exchange have traditionally been handled by the use of public key encryption. The two conventional ways of handling encryption are by the use of Public Key Infrastructure (PKI) or by the use of Identity Based Encryption (IBE). In, new protocols have been proposed for the IP protection problem on FPGAs using PUFs and PKI based public key cryptography. But PKI has been plagued with several shortcomings: non-uniform standards and, most importantly, the difficulty of handling certificates generated by a trusted third party, virtually making it infeasible for IoT applications where billions of devices are expected to communicate.

Security Credential Generator
We describe the authentication and key exchange protocol that can be suitably implemented in an IoT infrastructure. Represents the functional blocks of the proposed security architecture. The architecture consists of four major components: the Security Credential Generator (SCG), the Security Association Provider (SAP), the Verifier Node and the IoT Node. The IoT nodes, which play the role of prover, reside at the lowest level of the architecture. In our proposal, we assume these IoT nodes to be PUF-enabled, and having low hardware and software footprint and limited computational abilities. They prove their authenticity using respective embedded PUF instances to the immediate upper layer nodes, which play the role of verifier and are relatively resourceful.
Session-Key Security

The definition of Session-Key Security (SK security) is based on the approach called "security by indistinguishability". To elaborate, this approach evaluates the security of a cryptographic system as follows. Suppose two games, Game1 and Game2, are constructed in which the adversary communicates with the protocol under consideration. If no feasible adversary can distinguish whether she is interacting with Game1 or Game2, then the protocol is said to be indistinguishable and secure.
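
The earlier remark that a helper data algorithm or fuzzy extractor turns noisy PUF responses into stable keys can be made concrete with a code-offset construction. This is an added example, not code from the paper or its prototype; the PUF is simulated with a hash, and the repetition code, sizes, seeds and function names are all assumptions chosen for illustration.

```python
import hashlib
import secrets

REP = 7        # each secret bit is spread over 7 response bits (corrects 3 flips per block)
KEY_BITS = 32  # toy size, constructed for this example

def simulated_puf(device_seed: bytes, challenge: bytes, flip_positions=()):
    """Stand-in for silicon: fixed per-device bits, with chosen bits flipped as noise."""
    n = REP * KEY_BITS
    raw = hashlib.shake_256(device_seed + challenge).digest(n // 8)
    bits = [(raw[i // 8] >> (i % 8)) & 1 for i in range(n)]
    for i in flip_positions:
        bits[i] ^= 1
    return bits

def encode(secret_bits):
    return [b for b in secret_bits for _ in range(REP)]

def decode(code_bits):
    # Majority vote inside each block of REP bits.
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]

def derive_key(secret_bits):
    return hashlib.sha256(bytes(secret_bits)).digest()

def generate(response):
    """Enrollment: pick a random secret, publish helper = response XOR codeword."""
    secret = [secrets.randbits(1) for _ in range(KEY_BITS)]
    helper = [r ^ c for r, c in zip(response, encode(secret))]
    return derive_key(secret), helper

def reproduce(noisy_response, helper):
    """Reconstruction: XOR out the helper, error-correct, re-derive the key."""
    return derive_key(decode([r ^ h for r, h in zip(noisy_response, helper)]))

def demo():
    challenge = b"constructed-challenge"
    key, helper = generate(simulated_puf(b"device-A", challenge))
    ok = reproduce(simulated_puf(b"device-A", challenge, [0, 1, 2, 7, 8]), helper)
    too_noisy = reproduce(simulated_puf(b"device-A", challenge, [0, 1, 2, 3]), helper)
    other = reproduce(simulated_puf(b"device-B", challenge), helper)
    return key == ok, key == too_noisy, key == other

if __name__ == "__main__":
    print(demo())
```

The repetition code is used only for brevity: helper data from a code-offset construction leaks information when responses are biased, so a real design pairs a stronger code with an entropy analysis of the PUF.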